Strengthening security

With the dramatic rise of state-sponsored cyber attacks and malicious actors online, we believe our products and services are only as helpful as they are secure. At Google, we are more focused than ever on:

1. Protecting people, businesses and governments: Security is the cornerstone of our product strategy, which is why our products have built-in protections that make them secure by default.
2. Empowering society to address cybersecurity risks: We empower societies to unlock the potential of open source and share our knowledge and expertise transparently with the industry to keep ecosystems safer.
3. Advancing future technologies: We want to protect societies from the next generation of cyber threats. Building on our AI expertise, we are designing the next wave of architectures to push the boundaries of security innovation.

Yes. We keep people, businesses, and governments safe online with built-in protections that make our products secure-by-default. Automatic security protections applying advances in AI are built into our products and services to deliver safe experiences to users. For example, AI-powered defenses in Gmail automatically block more than 99.9 percent of spam, phishing, and malware.

Google Cloud’s cloud-native security offerings help enterprises and public sector agencies stay protected throughout the security lifecycle. From real-time, in-depth threat intelligence by Threat Intelligence Group (TAG) and Mandiant (now part of Google Cloud), to Google Cloud Confidential Computing, a breakthrough technology that keeps data encrypted while it is being processed, so it stays secure throughout its entire life cycle. Read more about how we design protections into our products.

For individuals at high risk of serious threats, Google provides advanced security resources, including Enhanced Safe Browsing and the Advanced Protection Program. When these tools are used in combination with Google’s Security Checkup, they provide the fastest and strongest level of protection against serious threats.

In today’s interconnected environment, our collective security is only as strong as the weakest link. That’s why we design solutions that eliminate entire classes of threats both on our platforms and across the Internet as a whole.

• We believe openness and transparency are fully compatible with strong security—in fact, we believe an open internet is a more secure internet. We are committed to upholding openness and interoperability principles for the ecosystem, which ensures that the latest security innovations can benefit everyone online. Google Cloud is our multi cloud platform and Android is our open mobile ecosystem.

• We are strengthening open source security. We help societies unlock the power of open source safely by driving global standards that keep the Internet open and secure for everyone. That’s why we committed to investing $100M to help secure supply chains.  But to fully unlock the value of open source, we need stronger public-private partnerships and dynamic policy frameworks to shore up security for everyone. We welcome efforts by the U.S. Government to advance Open Source Software security, such as the Securing Open Source Software Act introduced in the Senate in 2022. We partnered with the Open SSF to develop and release a proven framework for securing the software supply chain and enabling long-term, foundational security for the entire software ecosystem.

• We are sharing information on threats & vulnerabilities. We democratize threat intelligence & incident response by sharing our expertise with organizations through insights from our security teams including Google's Open Source Security Team, TAG, Project Zero, and many others.

• We are sharing governance best practices. We share our learnings from building the most trusted cloud platform with boards and enterprises to meet governance needs.

The first is building a robust cyber workforce. We support targeted programs & campaigns to help meet the cyber workforce talent gap, both now and in the future.

• Investing in education and training. We invest in programs to train the next generation of cybersecurity professionals and expand the pathways to join this critical field. We recently announced the launch of the Google Cybersecurity Certificate as the newest addition to our Google Career Certificates, which provide job seekers with affordable paths to careers in data analytics, IT support, business intelligence, and more. We also offer the Growth Academy which provides cybersecurity startups with essential growth skills, internationalization strategies, and Google tools & products to help them scale.

• Partnering with other organizations. We partner with cybersecurity leaders, governments, and security communities to advance global standards that put user protections first, combat disinformation, and share threat intelligence to keep the Internet open and secure for everyone. Read about GCAT’s mission of supporting the security and digital transformation of governments, critical infrastructure, enterprises, and small businesses.

We are continuously working to advance the state of the art in cybersecurity to build a safer world for everyone. We work to safeguard vulnerable users from online attacks while protecting their privacy through advancements in AI, hardware, and cloud computing and driving international standards for quantum computing.

• Using AI to detect and respond to threats: Google's Chronicle Security Analytics and Operations Platform uses AI to collect and analyze security telemetry from a variety of sources, including Google Cloud Platform (GCP), on-premises systems, and third-party products. This allows us to get a comprehensive view of our security posture and respond to threats quickly. In addition, we protect Gmail users from nearly 15 billion unwanted messages a day, blocking more than 99.9% of spam, phishing, and malware.

  We recently announced Google Cloud Security AI Workbench which powers new offerings that can now uniquely address three top security challenges: threat overload, toilsome tools, and the talent gap.

• Developing post-quantum cryptography: Future-focused, we continue to develop next-generation cryptographic systems that safeguard against the breaking of public-key cryptosystems and compromising digital communications. The National Institute of Standards and Technology selected a submission with Google’s involvement (SPHINCS+) for standardization.

• Investing in hardware security: We invest in hardware security in order to make our systems more resistant to attack. This includes protecting our data centers from physical threats and implementing trusted hardware such as security keys, a phishing-resistant 2nd factor of authentication.

Read more about cybersecurity advancement here

Google is providing a range of cybersecurity and technical infrastructure support to Ukraine. These efforts are ongoing and we update our progress in this link, including:

• Donating 50,000 Google Workspace licenses for the Ukrainian government. This gives Ukrainian public institutions access to Google's cloud-first, zero-trust security model, which can help them protect their digital systems from attack.

• Expanded eligibility for Project Shield, Google's free protection against distributed denial of service attacks (DDoS), to help Ukrainian government websites and embassies worldwide stay online and continue to offer critical services.

• Providing direct assistance to Ukrainian government entities under the Cyber Defense Assistance Collaborative. This includes compromise assessments, incident response services, shared cyber threat intelligence, and security transformation services.

• Taking measures to indefinitely pause monetization and limit the reach of Russian state news media. This is part of Google's ongoing efforts to combat disinformation.

We recently announced our partnership with IFES (International Foundation for Electoral Systems) to mitigate cybersecurity threats to elections and democracy. The partnership will focus on three key areas:

• Training and awareness: We will work together to develop and deliver training programs on cybersecurity best practices for election officials, journalists, and other high-risk users in 30 countries. The training will cover topics such as how to protect personal information, spot phishing attacks, and report suspicious activity.

• Research and development: We will work together to develop new tools and resources to help election officials and other high-risk users stay safe online. This includes research on emerging threats and the development of new security products and services.

• Policy and advocacy: We will work together to promote policies and practices that will help to protect elections and democracy from cyber threats. This includes helping governments and other organizations develop and implement cybersecurity standards, as well as advocating for greater transparency and accountability in the digital space.